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REMARKS 

In response to the Office Action mailed December 8, 2008, Applicants 
respectfully request reconsideration. To further the prosecution of this 
Application, Applicants submit the following remarks. The claims are believed to 
be in allowable condition. 

Claims 1-15, 21-25, and 31-38 are pending in this Application. Claims 32, 
34, 36, and 38 have been withdrawn from consideration. Claims 1,6, 11, and 21 
are independent claims. 

Reiections under §102 and §103 

Claims 1-15 and 21-25 were rejected under 35 U.S.C. §1 02(b) as being 
anticipated by "Network Intrusion Detection: Evasion, Traffic Normalization, and 
End-to-End Protocol Sematics" (Handley, et al.). Claims 31 , 33, 35, and 37 were 
rejected under 35 U.S.C. §1 03(a) as being unpatentable over Handlev in view of 
U.S. Patent Publication No. 2003/00095494 (McElligott). 

Applicants respectfully traverse each of these rejections and request 
reconsideration. The claims are in allowable condition. 

Handlev teaches several methods by which an attacker can evade 
detection by a network intrusion detection system (NIDS) by exploiting 
ambiguities (Pages 1-3). Handlev then discloses a normalizer which is capable of 
altering packets to remove certain ambiguities to prevent these kinds of attacks 
from succeeding (Pages 3-15). In particular, one ambiguity that is discussed is 
the situation in which a packet arrives at a NIDS with a time-to-live (TTL) field too 
small to allow it to reach its destination (Page 2, Col. 1 , item iii). A solution to this 
problem is presented according to which a packet normalizer increases the TTL 
of every incoming packet to a value large enough to ensure that every path within 
the protected network is reachable (Page 4, Col. 2, fourth paragraph and Page 9, 
Col. 1, at TTL solution #3). 
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Claims 1-5 

Claim 1 recites a method of blocking attacks on a protected computer 
network. The method includes (a) receiving a plurality of packets from a network, 
each packet having a packet time to live (TTL) value and belonging to a 
corresponding packet flow, (b) storing the smallest packet TTL value received 
from each corresponding packet flow, and (c) prior to transmitting each packet, 
setting the packet TTL value to the smallest packet TTL value received for the 
corresponding packet flow. 

The cited reference does not teach a method which includes, prior to 
transmitting each packet, setting a packet TTL value to the smallest packet TTL 
value received for a corresponding packet flow. In contrast, Handlev discloses a 
normalizer which raises the TTL of an incoming packet to a minimum- 
acceptable value in order to ensure that the packet will be able to reach any 
point within the internal network without timing out (Page 4, Col. 2, fourth 
paragraph and Page 9, Col. 1 , at TTL solution #3). 

Claim 1 distinguishes over Handlev for the reasons previously presented 
in the Amendment filed on August 1 1 , 2008. The Office Action argues that these 
reasons are not persuasive. Applicants respectfully disagree. 

Applicants intend to show that the Office Action has inadvertently 

mischaracterized the prior art reference. 

The Office Action, on page 7, responds to Applicants' traversal by arguing 
that, in Handlev . each TTL is inherently stored^ when it is handled within a digital 
system, and if a packet arrives with a TTL less than the "configured minimum," 
then it is "restored" (see Office Action at page 7) to the minimum. 

^ Applicants wish to respectfully point out that this is a red herring because even if the TTL of 
each packet received by Handlev is inherently stored (and Applicants make no admission by this 
statement), the claim still requires setting the packet TTL value to the smallest packet TTL value 
received for the corresponding packet flow, which, it will be shown below, is not shown by 
Handlev . 
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It seems that the Office Action has inadvertently misunderstood the word 
"minimum. " Handlev teaches: "Configure the normalizer with a TTL that is 
larger than the longest path across the internal site. If pacltets arrive that have 
a TTL lower than the configured minimum, then the normalizer restores the 
TTL to the minimum" (Page 9, Col. 1 , at TTL solution #3) (emphasis added). 
The ending words, "the minimum" clearly refer back to the words "the configured 
minimum" for antecedent basis^, and those words, in turn, clearly refer back to 
the words ""[c]onfigure the normalizer with a TTL that is larger than the longest 
path across the internal site" for antecedent basis. 

The normalizer, for each received packet, therefore, modifies the TTL of 
that packet by increasing it to the configured minimum, which was configured 
to be a TTL that is larger than the longest path across the internal site. Thus, 
the ""minimum" of Handlev is clearly not equivalent to the smallest packet TTL 
value received for the corresponding packet flow, since the ""minimum" of 
Handlev is a minimum number of hops required to traverse the internal site, 
rather than a smallest TTL value received irom a flow. Thus, Handlev does not 
teach setting the packet TTL value to the smallest packet TTL value received for 
the corresponding packet flow. 

For the reasons stated above, claim 1 patentably distinguishes over the 
cited prior art, and the rejection of claim 1 under 35 U.S.C. §1 02(b) should be 
withdrawn. Accordingly, claim 1 is now in allowable condition. 

Because claims 2-5 and 32-32 depend from and further limit claim 1 , 
claims 2-5 and 31-32 are in allowable condition for at least the same reasons. 
Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 



^ Applicants use the term "antecedent basis" in the ordinary grammatical meaning of the term rather than in 
the technical meaning of the term as applied to claim construction under 35 U.SC. § 1 12. Clearly, the rules 
of English grammar are needed to properly understand the meaning of any document written in English, 
including prior art references. See Finisar Corp. v. The DirecTV Group, 07-1023, *20-22 (Fed. Cir., April 
18, 2008). 
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Claims 6-15. 21-25. and 33-38 

Claims 6, 11 , and 21 recite limitations which are similar to the limitations of 
claim 1 . Accordingly, claims 6, 1 1 , and 21 distinguish over the prior art for 
reasons similar to those presented above in connection with claim 1 . 

For the reasons stated above, claims 6, 11, and 21 patentably distinguish 
over the cited prior art, and the rejection of claims 6, 1 1 , and 21 under 35 U.S.C. 
§1 02(b) should be withdrawn. Accordingly, claims 6, 11, and 21 are in allowable 
condition. 

Because claims 7-10 and 33-34 depend from and further limit claim 6, 
claims 7-10 and 33-34 are in allowable condition for at least the same reasons. 
Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 

Because claims 12-15 and 35-36 depend from and further limit claim 1 1 , 
claims 12-15 and 35-36 are in allowable condition for at least the same reasons. 

Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 

Because claims 22-25 and 37-38 depend from and further limit claim 21 , 
claims 22-25 and 37-38 are in allowable condition for at least the same reasons. 
Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 

Conclusion 

In view of the foregoing remarks, this Application should be in condition for 
allowance. A Notice to this effect is respectfully requested. If the Examiner 
believes, after this Response, that the Application is not in condition for 
allowance, the Examiner is respectfully requested to call the Applicants' 
Representative at the number below. 
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Applicants hereby petition for any extension of time which is required to 
maintain the pendency of this case. If there is a fee occasioned by this 
Response, Including an extension fee, please charge any deficiency to Deposit 
Account No. 50-3661 . 

If the enclosed papers or fees are considered Incomplete, the Patent 
Office Is respectfully requested to contact the undersigned collect at 
(508) 616-2900, in Westborough, Massachusetts. 

Respectfully submitted. 



/Michael Ah Behar/ 

M. Ari Behar, Esq. 

Attorney for Applicants 

Registration No.: 58,203 

Bainwood, Huang & Associates, L.L.C. 

Highpoint Center 

2 Connector Road 

Westborough, Massachusetts 01581 
Telephone: (508)616-2900 
Facsimile: (508) 366-4688 
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